Detect root, emulation, debug mode and other security concerns in your Xamarin apps
Grab the latest NuGet package and install in your solution:
Install-Package Plugin.BreachDetector
In your iOS app, update the Info.plist and add the following URLs (those are queried as part of detecting jailbreak):
<key>LSApplicationQueriesSchemes</key>
<array>
<string>cydia</string>
<string>undecimus</string>
<string>sileo</string>
<string>zbra</string>
</array>
Additionally, if you want to use GetDeviceLocalSecurityType()
method on iOS, you need to add an additional key to the Info.plist:
<key>NSFaceIDUsageDescription</key>
<string>Use a nice explanation here</string>
using Plugin.BreachDetector;
var isRootOrJailbreak = CrossBreachDetector.Current.IsRooted();
var isVirtualDevice = CrossBreachDetector.Current.IsRunningOnVirtualDevice();
var inDebug = CrossBreachDetector.Current.InDebugMode();
var fromStore = CrossBreachDetector.Current.InstalledFromStore();
var localAuthentication = CrossBreachDetector.Current.GetDeviceLocalSecurityType(); // values: Unknown, None, Pass, Biometric
Note: For a method that returns bool?
, you can expect the result to be null if the platform that is running doesn't have an appropiate representation (example: IsRooted
will return null
for UWP).
The sample app in this repository also contains some good practices implementations that are not part of the BreachDetector library, but that you can copy into your own code:
Xamarin.Essentials VersionTracking to track the install versions of your app in the user device. If the current version is deprecated, you should take the user to a screen where it is asked to download the updated version. Here is an examlpe.
Secure
flags for the Window, here is an example. This will hide the content of the UI when the app is in background and also prevent the user from taking screenshots. Please be aware though the scope has some limitations related to child windows.The sample app in this repository has this mechanism implemented. You can see it here.
Yes, please! Issues are open for bugs/ideas and PRs are also welcome.
BreachDetector is licensed under MIT.